Merge pull request #3091 from charhate/pub_issuer

empty OU and date changes on UI
2020-08-19 11:31:46 -07:00 · 2020-08-19 11:31:46 -07:00 · 41b35fb13d
parent 14b73b73cf 5b96b3a032
commit 41b35fb13d
8 changed files with 62 additions and 8 deletions
--- a/docs/administration.rst
+++ b/docs/administration.rst
@ -172,6 +172,17 @@ Specifying the `SQLALCHEMY_MAX_OVERFLOW` to 0 will enforce limit to not create c
        PUBLIC_CA_MAX_VALIDITY_DAYS = 365


+.. data:: DEFAULT_MAX_VALIDITY_DAYS
+    :noindex:
+        Use this config to override the default limit of 1095 days (3 years) of validity. Any CA which is not listed in
+        PUBLIC_CA_AUTHORITY_NAMES will be using this validity to display date range on UI. Below example overrides the
+        default validity of 1095 days and sets it to 365 days.
+
+    ::
+
+        DEFAULT_MAX_VALIDITY_DAYS = 365
+
+
 .. data:: DEBUG_DUMP
    :noindex:

@ -229,7 +240,7 @@ and are used when Lemur creates the CSR for your certificates.

    ::

-        LEMUR_DEFAULT_ORGANIZATIONAL_UNIT = "Operations"
+        LEMUR_DEFAULT_ORGANIZATIONAL_UNIT = ""


 .. data:: LEMUR_DEFAULT_ISSUER_PLUGIN
--- a/lemur/authorities/schemas.py
+++ b/lemur/authorities/schemas.py
@ -109,6 +109,7 @@ class RootAuthorityCertificateOutputSchema(LemurOutputSchema):
    cn = fields.String()
    not_after = fields.DateTime()
    not_before = fields.DateTime()
+    max_issuance_days = fields.Integer()
    owner = fields.Email()
    status = fields.Boolean()
    user = fields.Nested(UserNestedOutputSchema)
@ -134,6 +135,7 @@ class AuthorityNestedOutputSchema(LemurOutputSchema):
    owner = fields.Email()
    plugin = fields.Nested(PluginOutputSchema)
    active = fields.Boolean()
+    authority_certificate = fields.Nested(RootAuthorityCertificateOutputSchema, only=["max_issuance_days"])


 authority_update_schema = AuthorityUpdateSchema()
--- a/lemur/certificates/models.py
+++ b/lemur/certificates/models.py
@ -311,6 +311,14 @@ class Certificate(db.Model):
    def validity_range(self):
        return self.not_after - self.not_before

+    @property
+    def max_issuance_days(self):
+        public_CA = current_app.config.get("PUBLIC_CA_AUTHORITY_NAMES", [])
+        if self.name.lower() in [ca.lower() for ca in public_CA]:
+            return current_app.config.get("PUBLIC_CA_MAX_VALIDITY_DAYS", 397)
+
+        return current_app.config.get("DEFAULT_MAX_VALIDITY_DAYS", 1095)   # 3 years default
+
    @property
    def subject(self):
        return self.parsed_cert.subject
--- a/lemur/static/app/angular/authorities/authority/distinguishedName.tpl.html
+++ b/lemur/static/app/angular/authorities/authority/distinguishedName.tpl.html
@ -46,8 +46,7 @@
        Organizational Unit
      </label>
      <div class="col-sm-10">
-        <input name="organizationalUnit" ng-model="authority.organizationalUnit" placeholder="Organizational Unit" class="form-control" required/>
-        <p ng-show="dnForm.organization.$invalid && !dnForm.organizationalUnit.$pristine" class="help-block">You must enter a organizational unit</p>
+        <input name="organizationalUnit" ng-model="authority.organizationalUnit" placeholder="Organizational Unit" class="form-control"/>
      </div>
    </div>
  </div>
--- a/lemur/static/app/angular/certificates/certificate/distinguishedName.tpl.html
+++ b/lemur/static/app/angular/certificates/certificate/distinguishedName.tpl.html
@ -62,9 +62,7 @@
      </label>
      <div class="col-sm-10">
        <input name="organizationalUnit" ng-model="certificate.organizationalUnit" placeholder="Organizational Unit"
-               class="form-control" required/>
-        <p ng-show="dnForm.organization.$invalid && !dnForm.organizationalUnit.$pristine" class="help-block">You must
-          enter a organizational unit</p>
+               class="form-control"/>
      </div>
    </div>
  </div>
--- a/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
+++ b/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
@ -151,6 +151,7 @@
                 uib-tooltip="yyyy/MM/dd"
                 uib-datepicker-popup="yyyy/MM/dd"
                 ng-model="certificate.validityStart"
+                 ng-change="certificate.setValidityEndDateRange(certificate.validityStart)"
                 is-open="popup1.opened"
                 datepicker-options="dateOptions"
                 close-text="Close"
@ -174,8 +175,8 @@
                 is-open="popup2.opened"
                 datepicker-options="dateOptions"
                 close-text="Close"
-                 max-date="certificate.authority.authorityCertificate.notAfter"
-                 min-date="certificate.authority.authorityCertificate.notBefore"
+                 max-date="certificate.authority.authorityCertificate.maxValidityEnd"
+                 min-date="certificate.authority.authorityCertificate.minValidityEnd"
                 alt-input-formats="altInputFormats"
                 placeholder="End Date"
          />
--- a/lemur/static/app/angular/certificates/services.js
+++ b/lemur/static/app/angular/certificates/services.js
@ -164,6 +164,20 @@ angular.module('lemur')
              this.extensions.keyUsage.useDecipherOnly = true;
            }
          }
+        },
+        setValidityEndDateRange: function (value) {
+          // clear selected validity end date as we are about to calculate new range
+          if(this.validityEnd) {
+            this.validityEnd = '';
+          }
+          
+          // Minimum end date will be same as selected start date
+          this.authority.authorityCertificate.minValidityEnd = value;
+
+          // Move max end date by maxIssuanceDays
+          let endDate = new Date(value);
+          endDate.setDate(endDate.getDate() + this.authority.authorityCertificate.maxIssuanceDays);
+          this.authority.authorityCertificate.maxValidityEnd = endDate;
        }
      });
    });
@ -264,6 +278,9 @@ angular.module('lemur')
          }
        }

+        certificate.authority.authorityCertificate.minValidityEnd = defaults.authority.authorityCertificate.notBefore;
+        certificate.authority.authorityCertificate.maxValidityEnd = defaults.authority.authorityCertificate.notAfter;
+
        if (certificate.dnsProviderId) {
          certificate.dnsProvider = {id: certificate.dnsProviderId};
        }
@ -292,3 +309,4 @@ angular.module('lemur')

    return CertificateService;
  });
+
--- a/lemur/static/app/angular/pending_certificates/services.js
+++ b/lemur/static/app/angular/pending_certificates/services.js
@ -144,6 +144,20 @@ angular.module('lemur')
              this.extensions.keyUsage.useDecipherOnly = true;
            }
          }
+        },
+        setValidityEndDateRange: function (value) {
+          // clear selected validity end date as we are about to calculate new range
+          if(this.validityEnd) {
+            this.validityEnd = '';
+          }
+
+          // Minimum end date will be same as selected start date
+          this.authority.authorityCertificate.minValidityEnd = value;
+
+          // Move max end date by maxIssuanceDays
+          let endDate = new Date(value);
+          endDate.setDate(endDate.getDate() + this.authority.authorityCertificate.maxIssuanceDays);
+          this.authority.authorityCertificate.maxValidityEnd = endDate;
        }
      });
    });
@ -230,6 +244,9 @@ angular.module('lemur')
            certificate.authority = defaults.authority;
          }
        }
+
+        certificate.authority.authorityCertificate.minValidityEnd = defaults.authority.authorityCertificate.notBefore;
+        certificate.authority.authorityCertificate.maxValidityEnd = defaults.authority.authorityCertificate.notAfter;
      });
    };